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ABSTRACT OF THE DISCLOSURE 

A system and method is provided for automatically identifying and removing ma- 
licious data packets, such as denial-of-service (DoS) packets, in an intermediate network 
node before the packets can be forwarded to a central processing unit (CPU) in the node. 

5 The CPU's processing bandwidth is therefore not consumed identifying and removing the 
malicious packets from the system memory. As such, processing of the malicious pack- 
ets is essentially "off-loaded" from the CPU, thereby enabling the CPU to process non- 
malicious packets in a more efficient manner. Unlike prior implementations, the inven- 
tion identifies malicious packets having complex encapsulations that can not be identified 

10 using traditional techniques, such as ternary content addressable memories (TCAM) or 
lookup tables. 
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